[4581] in Kerberos
Should I restrict 'kinit' access
daemon@ATHENA.MIT.EDU (Charles Hall)
Wed Feb 8 19:54:18 1995
To: kerberos@MIT.EDU
Date: 8 Feb 1995 17:04:55 -0500
From: chall@nando.net (Charles Hall)
I user Kerberos primarily as a password server to my Terminal Server (Xyplex).
As such, I don't know much about tickets, etc. Bearing that in mind...
Is it a security risk to let users have access to the 'kinit' command? Can't
they sit and hammer it all day trying to break someone else's password by brute
force? On the other hand, the man page makes it sound like 'kinit' is a perfectly
legitimate user command. Is there some built-in safe-guard to prevent brute force
attacks?
Thanks!
